Cryptsoft, IBM, NetApp, QuintessenceLabs, SafeNet, Thales e-Security Show Interoperability of Key Management Interoperability Protocol (KMIP); Axiomatics, The Boeing Company, NextLabs, Oracle, and Quest Software Products Support eXtensible Access Control Markup Language (XACML)
San Francisco, CA; 27 Feb 2012 – The RSA Conference is showcasing widespread marketplace support for security standards from the OASIS international consortium this week. Two separate demos feature eleven companies highlighting interoperability of the KMIP standard for key management and the XACML standard for access control. These open standards allow organizations to select from a host of best-in-class solutions with the assurance that they will be interoperable now and in the future.
The KMIP Interop provides a working snapshot of how smoothly this enterprise key management protocol functions in a multi-vendor environment. In Booth #128, clients from Cryptsoft, IBM, NetApp, and SafeNet communicate securely with key management servers from Cryptsoft, IBM, SafeNet, Thales and QuintessenceLabs. Together, the clients and servers demonstrate the full key management life cycle including creating, registering, locating, retrieving, deleting, and transferring symmetric and asymmetric keys and certificates between vendor systems. Both the fully ratified KMIP 1.0 OASIS Standard and the KMIP 1.1 Committee Draft specification are being shown.
The XACML demo shows how well this extremely flexible language for expressing access control policies is used in large-scale environments where resources are distributed and policy administration is federated. Axiomatics, The Boeing Company, NextLabs, Quest Software, and Oracle are demonstrating products that support the XACML Intellectual Property Control Profile.
This updated XACML Profile enables organizations to more granularly control access to many types of documents and data according to specific properties, e.g., copyright, proprietary, confidential, licenses, etc. The profile provides standardized attribute names/values to facilitate the tagging of meaningful metadata on data objects, such that coherent access control policies can be constructed. Utilization of metadata as resource attributes affords enhanced mechanisms for IP protection. The XACML demo shows how access control decisions can be based on an evaluation of the combination of subject attributes and metadata elements taken directly from the data resources themselves. The metadata then remains with the documents when they are transferred to other locations.
Support for KMIP Interop
“OASIS KMIP provides the blueprint – 2010 saw KMIP products in development, 2011 brought products from the early adopters and in 2012 deployed interoperability via KMIP is now a reality. As one of the first vendors supporting both KMIP v1.0 and v1.1, Cryptsoft is committed to enabling industry adoption of KMIP. Our SDKs and adaptors enable our clients to both embrace KMIP and support existing non-KMIP solutions.” – Tim Hudson, Chief Security Architect
“As encryption expands, key management is one of the most critical components of an enterprise encryption strategy. Encryption has become the foundation of data protection and governance. Effectively securing, managing and maintaining thousands—or even millions—of heterogeneous crypto keys requires improving interoperability and standards. Across the industry, OASIS KMIP has been working to set that standard, and we’re proud to be leading the way with them.”
– Rami Shalom, VP, Product Management, Data Encryption and Control
“As a premier provider of encryption and key management systems such as keyAuthority and an originating author of the KMIP specification, Thales is a strong supporter of KMIP. As the use of encryption continues to increase across multiple enterprise applications it is important to ensure data is not only secure but also available when needed. Enterprise key management will therefore become a more pressing issue and KMIP 1.1 will be a catalyst for growth of this market.”
– Robert Lockhart, Chief Solution Architect Key Management
Support for XACML Interop
“Axiomatics believes that OASIS plays an extremely important role in developing, driving forward, and disseminating XACML as the standard for securely sharing information via fine-grained, context aware authorization. This is why Axiomatics has been a part of the OASIS XACML Technical Committee since our company was founded, why today, our CTO, Erik Rissanen, is the editor of the XACML 3.0 specification, and why we will continue to play an active part in the committee.” – Babak Sadighi, Co-Founder, CEO
The Boeing Company
“Protecting intellectual property is the core mission of enterprise computing security organizations. The potential loss of intellectual property not only represents an existential threat to private sector companies, but also a security threat to nation states. This is why The Boeing Company sponsored the creation of the IPC profile. Our product, CIPHER, scans files and tags them with IPC metadata, which can then be evaluated by XACML PDPs at runtime.” – John Tolbert, Security Strategist
“As one of the most mature offerings, Oracle Entitlements Server supports the full breadth of standards for externalized authorization. This includes full support for ABAC, XACML, OpenAZ, NIST RBAC, and JAAS/Java2 Permissions. Oracle is the co-chair and editor of the OASIS XACML TC and dedicated to supporting all relevant authorization standards. Oracle Entitlements Server is embedded in Oracle’s Fusion Middleware, Fusion Applications, and Oracle’s Public Cloud offering and designed to handle our largest customer deployments.”
– Marc Boroditsky, VP, Product Management
“Quest Software is a strong supporter of OASIS and the XACML standard. The recent acquisition of BiTKOO, a market leader in the externalized fine-grained authorization and an XACML TC member, has been a key strategic addition to our product portfolio and is being well integrated into our Quest One identity solutions.” – Nick Nikols, VP and General Manager, Identity, Security, and Windows Management
OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for security, cloud computing, Web services, the Smart Grid, content technologies, business transactions, emergency management, and other applications. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users, and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries.